I’m really beginning to tire of keeping up with the 50 or so different usernames and passwords required to access the various web sites and software packages I use. It seems that every site nowadays requires a login to access even the most insignificant content. Sadly, services such as BugMeNot have provided little relief for this growing annoyance.
What complicates this problem is the advice given by the majority of online security specialists:
- Never use the same username/password combination on more than one site.
- Change your passwords often.
- Make your passwords as complex as you can by adding numbers and symbols.
- Never keep your usernames/passwords written on paper or a digital document
So in order for me to protect myself as fully as possible, I need to keep track of 50+ different sets of obfuscated credentials for 50+ different sites without the luxury of writing them down anywhere, and then change them at least once a month!?
“So Kody,” you may ask, “why don’t you just use one of the many AutoFill tools freely available from various web browsers and toolbars?” My answer is simple: Lack of mobility. What happens when I am using a public terminal or a computer in a lab or at a friend’s house? By relying on AutoFill tools at home, my ability to remember my credentials while away from my computer would atrophy.
And what happens when I let someone else use my computer to look something up? I never check any of those boxes that say, “Always keep me logged in” or “Remember my password,” so why would I want AutoFill software to automatically insert my personal information into a web form regardless of the user? [See comments below for an explanation on why this was scratched. –km]
As more and more sites require verification, the deep wisdom of Microsoft’s Passport service is becoming all too clear. I’ll admit I was wary of Passport in the beginning, given all the privacy concerns of entrusting access to multiple websites to a single entity (especially when that entity is Microsoft). However, I am finding it more and more tempting to embrace such a service if it means that I don’t have to keep track of dozens of username/password combinations.
Unfortunately, even if I wanted to take advantage of Microsoft’s Passport, it’s not supported on 99% of the sites I would need it for. Even more unfortunate, no other comparable service exists. I’m starting to think that the web is in dire need of a universal credential service with the stigmas associated with Microsoft’s “we want to own everything” corporate image.
So how do intelligent people manage their login information without resorting to the practices of the overtly paranoid? Am I just missing something here? I know there are various password management services available online and for PDAs, but are they actually useful?
I don’t know. Maybe this is just another incentive to do away with usernames and passwords altogether in favor of biometric identification. All I know is that if things don’t improve soon, I may have to resort to shoving a few 1GB sticks of RAM up my nose and hope it’s compatible.